[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Sun, Apr 28, 2013 at 2:38 PM, Brad Rogers wrote: > That's what public key signing and the web of trust is for. I have to say I am a little sceptical about the scalability of the web of trust to every man and his dog. There have been several issues with the "web of trust" of certificate authorities to the point where many people believe that the idea of certificate authorities is broken. And these are organisations tend to spend a lot of money and effort into making sure they don't sign the wrong certificates. Of course, to communicate securely with your bank, you don't need a web of trust - you just need some kind of introduction. Like you going to the bank with your passport and a proof of address when you open the account. In principle email software could also be written to seamlessly encrypt/decrypt communication between you and the bank. In practise, it's probably a lot more secure for the bank to use their website - with the usual two-factor authentication most banks provide these days - and send an email without a link when there's a reason to check the website. Martijn. -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq